Privacy Policy

168 Group Inc. ("we", "us", or "our") operates the Tabe Restaurant table booking system. This page informs you of our policies regarding the collection, use, and disclosure of Personal Information we receive from users of our service.

By using our service, you agree to the collection and use of information in accordance with this policy. We will not use or share your information with anyone except as described in this Privacy Policy.

Information Collection and Use

While using our service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

• Name
• Email address
• Phone number
• Dietary restrictions or preferences
• Special requests related to your booking
• Payment method information (processed and tokenized by Stripe)

Booking Information

We collect information related to your bookings, including date, time, party size, table preferences, and any special requests or notes you provide. We also track check-in status and attendance for service improvement and analytics.

Payment Processing by Stripe

Important: All payment processing is handled by Stripe, Inc., a PCI Level 1 certified payment processor. We do NOT store, process, or have access to your actual credit card numbers.

• Secure Processing: Your card details are transmitted directly to Stripe's secure servers and never touch our systems
• Tokenization: Stripe provides us only with a secure token and the last 4 digits of your card for reference
• No Card Storage: We cannot see or access your full credit card number at any time
• Verification Only: Your card is verified but NOT charged at booking time (except for required deposits)
• Stripe's Security: Stripe maintains PCI DSS Level 1 compliance, uses AES-256 encryption, and is regularly audited
• Token Retention: Payment tokens are retained for up to 2 years for potential refunds or no-show fees
• Deletion Requests: Contact us at hello@168groupusa.com to request removal of your payment methods

For more information about Stripe's security practices, visit stripe.com/security

Enhanced Data Collection

To provide better service and ensure reservation integrity, we also collect:

• Check-in Tracking: We record when you check in for your reservation to improve service and table management
• No-Show Monitoring: We track attendance to identify patterns and may charge fees for repeated no-shows as outlined in our Terms of Service
• Card Verification: We perform a temporary authorization on your card to verify its validity (this is NOT a charge and will be released automatically)
• Device Information: IP address and browser information for security and fraud prevention

How We Use Your Information

We use the information we collect to:

• Process and manage your table reservations
• Communicate with you about your bookings, including confirmations, reminders, and updates
• Provide customer service and respond to inquiries
• Improve our services and user experience
• Send you marketing communications about special events, promotions, or offers (with your consent)
• Conduct analytics and research to better understand how users interact with our service
• Comply with legal obligations

Data Storage and Security

We value your trust in providing us your Personal Information, thus we strive to use commercially acceptable means of protecting it. However, no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

Your data is stored securely on servers located in the United States. We maintain appropriate administrative, technical, and physical safeguards to protect your personal information from unauthorized access, use, modification, or disclosure.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

For more information about the cookies we use, please see our Cookie Policy.

Third-Party Service Providers

We work with trusted third-party service providers to operate our booking system. We do not sell, trade, or rent your personal information to third parties.

Payment Processing - Stripe, Inc.

All payment processing is handled exclusively by Stripe, Inc.:

• What Stripe Handles: All credit card processing, tokenization, fraud detection, and payment security
• What We Never See: Your full credit card number, CVV code, or other sensitive payment details
• Stripe's Compliance: PCI DSS Level 1 certified, SOC 1/2/3 compliant, and regularly audited
• Data Location: Payment data is stored on Stripe's secure servers, not ours
• Your Rights: You can request we delete your payment tokens at any time by emailing hello@168groupusa.com

Other Service Providers

• Email Communications: We use email service providers to send reservation confirmations and updates
• Web Hosting: Our booking system is hosted on secure cloud infrastructure providers
• Analytics: We may use analytics services to understand usage patterns and improve our service

Information Sharing Circumstances

• With Your Consent: We may share information when you give us explicit permission
• Business Transfers: If 168 Group Inc. is involved in a merger, acquisition, or asset sale, your Personal Information may be transferred as part of that transaction. We will notify you before your Personal Information is transferred and becomes subject to a different Privacy Policy.
• Legal Requirements: We may disclose your Personal Information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency)
• Protection of Rights: We may disclose information to protect the rights, property, or safety of our business, our customers, or others

Your Rights (GDPR/CCPA Compliance)

Depending on your location, you may have certain rights regarding your personal information under GDPR (European Union) or CCPA (California) regulations:

• Right to Access: Request a copy of the personal information we hold about you
• Right to Correction: Request correction of inaccurate personal information
• Right to Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format (JSON)
• Right to Object: Object to certain types of processing, including marketing
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing

How to Exercise Your Rights

To exercise any of these rights, please contact us directly:

• Email: Send your request to hello@168groupusa.com
• Include: Your name, email address used for bookings, and specific request
• Data Export: Request a copy of all your personal data in JSON format
• Data Deletion: Request removal of your personal information (subject to legal retention requirements)
• Payment Method Removal: Request immediate deletion of stored payment tokens from Stripe
• Marketing Opt-Out: Unsubscribe from promotional emails using the link in any marketing message

We will respond to your request within 30 days. For deletion requests, please note that we may need to retain certain information for legal compliance, such as transaction records for tax purposes.

Data Retention Periods

We retain your personal information for the following periods:

• Booking Data: 2 years after your last reservation for service improvement and dispute resolution
• Payment Tokens: 2 years after last use for refunds and no-show fee processing
• Transaction Records: 7 years for financial and tax compliance
• Marketing Communications: Until you unsubscribe or request deletion

After these retention periods, your personal data is automatically anonymized or deleted, while preserving necessary business analytics in an aggregated, non-identifiable form.

Children's Privacy

Our service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our servers immediately.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.